[torbutton/master] Bug 4517: Disable external drag and drop. - tor-commits

7 Dec 2011

commit adc40a1d2c0d8be8b4e082fecc22722372b7a0cb
Author: Mike Perry mikeperry-git@fscked.org
Date:   Tue Dec 6 14:29:49 2011 -0800
Bug 4517: Disable external drag and drop.
We basically remove all the url-containing drag and drop mime-types from the
    drag action. This seems to still allow you to drag stuff within TBB (because
    it uses its own internal secret types), but prevents dragging to outside apps.
---
 src/chrome.manifest                    |    1 +
 src/components/external-app-blocker.js |  103 +++++++++++++++++++++++++++++++-
 src/install.rdf                        |    2 +-
 3 files changed, 102 insertions(+), 4 deletions(-)

diff --git a/src/chrome.manifest b/src/chrome.manifest
index cda8bb9..2172815 100644
--- a/src/chrome.manifest
+++ b/src/chrome.manifest
@@ -132,6 +132,7 @@ component {3da0269f-fc29-4e9e-a678-c3b1cafcf13f} components/external-app-blocker
 contract @mozilla.org/mime;1 {3da0269f-fc29-4e9e-a678-c3b1cafcf13f}
 contract @mozilla.org/uriloader/external-protocol-service;1 {3da0269f-fc29-4e9e-a678-c3b1cafcf13f}
 contract @mozilla.org/uriloader/external-helper-app-service;1 {3da0269f-fc29-4e9e-a678-c3b1cafcf13f}
+contract @mozilla.org/widget/dragservice;1 {3da0269f-fc29-4e9e-a678-c3b1cafcf13f}
component {aef08952-b003-4697-b935-a392367e214f} components/tbSessionStore.js
 contract @torproject.org/torbutton-ss-blocker;1 {aef08952-b003-4697-b935-a392367e214f}
diff --git a/src/components/external-app-blocker.js b/src/components/external-app-blocker.js
index a83f50c..7b68a21 100644
--- a/src/components/external-app-blocker.js
+++ b/src/components/external-app-blocker.js
@@ -11,16 +11,21 @@ const kMODULE_CONTRACTID_APP = "@mozilla.org/uriloader/external-helper-app-servi
 const kMODULE_CONTRACTID_PROTO = "@mozilla.org/uriloader/external-protocol-service;1";
 const kMODULE_CONTRACTID_MIME = "@mozilla.org/mime;1";
+const kMODULE_CONTRACTID_DRAG = "@mozilla.org/widget/dragservice;1";
+
+
 const kMODULE_CID = Components.ID("3da0269f-fc29-4e9e-a678-c3b1cafcf13f");
/* Mozilla defined interfaces for FF3.0 */
 const kREAL_EXTERNAL_CID = "{A7F800E0-4306-11d4-98D0-001083010E9B}";
-
 const kExternalInterfaces = ["nsIObserver", "nsIMIMEService",
                              "nsIExternalHelperAppService",
                              "nsISupportsWeakReference", // XXX: Uh-oh...
                              "nsIExternalProtocolService",
                              "nsPIExternalAppLauncher"];
+                             
+const kREAL_DRAG_CID = "{8b5314bb-db01-11d2-96ce-0060b0fb9956}";
+const kDragInterfaces = ["nsIDragService"];
const Cr = Components.results;
 const Cc = Components.classes;
@@ -38,6 +43,7 @@ function ExternalWrapper() {
   this.logger.log(3, "Component Load 0: New ExternalWrapper.");
this._real_external = Components.classesByID[kREAL_EXTERNAL_CID];
+  this._real_drag = Components.classesByID[kREAL_DRAG_CID];
   this._interfaces = kExternalInterfaces;
this._prefs = Components.classes["@mozilla.org/preferences-service;1"]
@@ -52,6 +58,15 @@ function ExternalWrapper() {
   };
this.copyMethods(this._external());
+
+  this._drag = function() {
+    var drag = this._real_drag.getService();
+    for (var i = 0; i < kDragInterfaces.length; i++) {
+      drag.QueryInterface(Components.interfaces[kDragInterfaces]);
+    }
+    return drag;
+  };
+  this.copyMethods(this._drag());
 }
ExternalWrapper.prototype =
@@ -62,8 +77,13 @@ ExternalWrapper.prototype =
       return this;
     }
-    var external = this._external().QueryInterface(iid);
-    this.copyMethods(external);
+    try {
+      var external = this._external().QueryInterface(iid);
+      this.copyMethods(external);
+    } catch(e) {
+      var drag = this._drag().QueryInterface(iid);
+      this.copyMethods(drag);
+    }
     return this;
   },
@@ -83,6 +103,10 @@ ExternalWrapper.prototype =
       interfaceList.push(Components.interfaces[this._interfaces[i]]);
     }
+    for (var i = 0; i < kDragInterfaces.length; i++) {
+      interfaceList.push(Components.interfaces[kDragInterfaces[i]]);
+    }
+
     count.value = interfaceList.length;
     return interfaceList;
   },
@@ -199,6 +223,71 @@ ExternalWrapper.prototype =
     return this._external().doContent(aMimeContentType, aRequest, aWindowContext, aForceSave);
   },
+  // from nsIDragService
+  invokeDragSessionWithImage: function(aDOMNode, aTransferableArray, aRegion, aActionType, aImage, aImageX, aImageY, aDragEvent, aDataTransfer) {
+    aActionType = 0;
+
+    for(var i = 0; i < aTransferableArray.Count(); i++) {
+        this.logger.log(3, "Inspecting drag+drop transfer: "+i);
+        var tr = aTransferableArray.GetElementAt(i);
+        tr.QueryInterface(Ci.nsITransferable);
+
+        var flavors = tr.flavorsTransferableCanExport()
+                        .QueryInterface(Ci.nsISupportsArray);
+
+        for (var f=0; f < flavors.Count(); f++) {
+          var flavor =flavors.GetElementAt(f); 
+          flavor.QueryInterface(Ci.nsISupportsCString);
+
+          this.logger.log(3, "Got drag+drop flavor: "+flavor);
+          if (flavor == "text/x-moz-url" ||
+              flavor == "text/x-moz-url-data" ||
+              flavor == "text/uri-list" ||
+              flavor == "application/x-moz-file-promise-url") {
+            this.logger.log(3, "Removing "+flavor);
+            try { tr.removeDataFlavor(flavor); } catch(e) {}
+            continue;
+          }
+
+          /*
+          var data = {}, len = {};
+          try {
+            tr.getTransferData(flavor, data, len);
+            this.logger.log(3, "Got data: "+data.value.QueryInterface(Ci.nsISupportsString).data);
+          } catch(e) {
+          }
+          */
+        }
+    }
+
+    return this._drag().invokeDragSessionWithImage(aDOMNode, aTransferableArray, aRegion, aActionType, aImage, aImageX, aImageY, aDragEvent, aDataTransfer);
+  },
+  /*
+  fireDragEventAtSource: function( aMsg ) {
+    this.logger.log(4, "FIRE AT THE SOURCE!!!");
+    return this._drag().fireDragEventAtSource(aMsg);
+  },
+
+  invokeDragSession: function(aDOMNode, aTransferables, aRegion, aActionType ) {
+    this.logger.log(4, "InvokeDragSession!");
+    return this._drag().invokeDragSession(aDOMNode, aTransferables, aRegion, aActionType );
+  },
+  invokeDragSessionWithSelection: function(aSelection, aTransferableArray, aActionType, aDragEvent, aDataTransfer) {
+    this.logger.log(4, "InvokeDragSessionWithSelection!!");
+    return this._drag().invokeDragSessionWithSelection(aSelection, aTransferableArray, aActionType, aDragEvent, aDataTransfer);
+  },
+
+  endDragSession: function(aDoneDrag) {
+    this.logger.log(4, "EndDrag");
+    return this._drag().endDragSession(aDoneDrag);
+  },
+
+  startDragSesssion: function() {
+    this.logger.log(4, "StartDrag");
+    return this._drag().startDragSession();
+  }
+  */
+
 };
var ExternalWrapperSingleton = null;
@@ -250,6 +339,14 @@ function (compMgr, fileSpec, location, type) {
                                   fileSpec,
                                   location,
                                   type);
+
+  compMgr.registerFactoryLocation(kMODULE_CID,
+                                  kMODULE_NAME,
+                                  kMODULE_CONTRACTID_DRAG,
+                                  fileSpec,
+                                  location,
+                                  type);
+
 };
ExternalWrapperModule.getClassObject = function (compMgr, cid, iid)
diff --git a/src/install.rdf b/src/install.rdf
index 3a95f96..34e433c 100644
--- a/src/install.rdf
+++ b/src/install.rdf
@@ -6,7 +6,7 @@
         em:nameTorbutton</em:name>
         em:creatorMike Perry &amp; Kory Kirk</em:creator>
         em:id{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}</em:id>
-        em:version1.4.4.1</em:version>
+        em:version1.4.5pre</em:version>
         em:homepageURLhttps://www.torproject.org/torbutton/</em:homepageURL>
         em:optionsURLchrome://torbutton/content/preferences.xul</em:optionsURL>
         em:iconURLchrome://torbutton/skin/tor.png</em:iconURL>

    